CMS Privileged Users and Groups (Roles)
•
Auditors
DRM
•
Administrators
•
Data Recovery Manager Agents
•
Auditors
•
Trusted Manager
682
Netscape Certificate Management System Administrator's Guide • February 2003
Can approve fields/extensions (to be included in a certificate) of certificate
profiles that have been enabled and configured by the Administrator (via
SSL-capable browsers to the RA Agent interface).
Can view signed audit logs (from the IT environment). This is the only role
allowed this privilege.
Can verify audit log signatures by running the AuditVerify tool (from the
IT environment).
Can start/stop server (from the command-line).
Can perform all configuration management for the DRM (via the CMS
Console).
Can backup (CMSBackup) and restore (CMSRestore) the subsystem from
the command-line
Can approve recovery of subject private keys (via SSL-capable browsers to
the DRM Agent interface).
Can export recovered subject private keys (via SSL-capable browsers to the
DRM Agent interface).
Can view signed audit logs (from the IT environment). This is only role
allowed this privilege.
Can verify audit log signatures by running the AuditVerify tool (from the
IT environment).
The Trusted Manager role is a special role that is not for privileged users. It
is created for inter-CIMC_boundary communication. The trust of this
communication is established using the role authentication/authorization
mechanism. Conceptually, this role is not an actual privileged role that a
user can be assigned to. Rather, the Trusted Manager role is a means of
establishing trust between two CMS subsystems. To have the CA